================
Proof of Concept
================
In the vulnerable fields add <script>alert(0)</script> or any other code. The code is placed directly into the database.

Input is not sanatized and the code can be executed in ways that depend on the circumstances. During testing, the theme 'iShop 1.0.0' was used and the PoC JavaScript code was executed when I attempted to add a product or modify an existing product.